The statements in this section merely provide background information related to the present disclosure and do not necessarily constitute prior art.
Quantum key distribution (abbreviated below as QKD) utilizes uncertainty or randomness with a view to sharing an encryption key between a transmitter and a receiver, without leaking any information on the key to an eavesdropper.
A description is now given on a quantum key distribution procedure using the BB84 protocol, one of QKD protocols. Initially, a transmitter generates a random number sequence (sequence of 1s and 0s: transmission data), and randomly determines a transmission code (+: corresponding to a measuring apparatus capable of identifying light polarized in horizontal and vertical directions, x: corresponding to a measuring apparatus capable of identifying light polarized in diagonal directions). The polarization direction of transmitted light is automatically determined by using a combination of the random number sequence and the transmission code. This stage performs transmission of quantum signals such as horizontally polarized light with a combination of 0 and +, vertically polarized light with a combination of 1 and +, 45°-diagonally polarized light with a combination of 0 and x, and 135°-diagonally polarized light with a combination of 1 and x.
Then, a receiver randomly determines a reception code (as described above, +: capable of identifying light polarized in horizontal and vertical directions, x: capable of identifying light polarized in diagonal directions), and measures light on the quantum channel to obtain reception data (raw key). Here, the probability that the transmission and reception codes are identical to each other is 1/2, since the transmitter and the receiver have arbitrarily determined the transmission and reception codes, respectively. If or when the codes are identical, the receiver obtains the same bits as those in the random number sequence generated by the transmitter, as reception data. For example, the receiver obtains 0 with a combination of horizontally polarized light and reception code +, 1 with a combination of vertically polarized light and reception code +, 0 with a combination of 45°-diagonally polarized light and reception code x, and 1 with a combination of 135°-diagonally polarized light and reception code x. However, if or when the codes are not identical, there is no correlation between the random number sequence generated by the transmitter and the reception data measured by the receiver due to quantum mechanical characteristics.
The transmitter and the receiver then exchange and share code information to determine whether the transmission and reception codes are identical, and maintain only the random number sequence and the reception data corresponding to the identical part.
Subsequently, the transmitter and the receiver open a certain randomly determined part (e.g., half) of the residual random number sequence and the reception data to check a quantum bit error rate (abbreviated below as QBER), thereby determining whether any attacker eavesdrops. Although the remaining random number sequence and the reception data will be completely identical to each other when the transmission and reception systems and the channel have no error, in practical QKD systems QBER of about 3 to 7% usually occurs due to the imperfection of the transmission and reception systems and the channel. However, since an eavesdropping attack of an attacker increases the QBER to 25% or above (when the whole bit string is eavesdropped) based on the principle of quantum mechanics, a determination is made of whether an eavesdropping attack is present based on an appropriate reference value (e.g., 8%). If or when the QBER is above the appropriate reference value, eavesdropping is determined to be detected, and the QKD protocol is stopped and started over. Otherwise, if or when the QBER is equal to or below the appropriate reference value, a normal state is determined, and the rest of the random number sequence or the reception data remaining after QBER calculation is used as a sifted key.
The inventor(s) has noted that since the sifted key generated through the QKD protocol has bit errors of about 3 to 7% due to the imperfection of the channel and the transmission and reception systems, it is necessary to implement a post-processing protocol consisting of a reconciliation process for reconciling or removing bit errors and a privacy amplification process for removing information leaked in a quantum communication process and information leaked in the reconciliation process. The inventor(s) has experienced that the efficiency of a post-processing procedure in terms of operation and communication needs to be maximized to increase the key generation speed of a QKD protocol including the post-processing procedure.